Hi Fediverse denizens. I've been working on a project I hope will help Fediverse devs make software that federates across ALL services, not just Mastodon-plus-a-few-others.
-
@fembot sure - someone could run a separate server of this and make it malicious!
In terms of malicious code getting into this project via open source channels, I guess it's the same risk as any open source project. But it's a pretty small and uncomplex code base so I'm thinking it would be easy to spot that kind of thing
-
๐๐๐ฎ๐ป๐ฒ๐ฅ๐๐๐ด๐ป๐บ๐ธreplied to Darius Kazemi last edited by
@darius how can you know what they use without using them?
-
Darius Kazemireplied to ๐๐๐ฎ๐ป๐ฒ๐ฅ๐๐๐ด๐ป๐บ๐ธ last edited by
@schizanon it's to identify problems as a first step prior to further investigation. But I need to know what software to investigate in the first place. I've already done a bunch of investigation myself that has led me to learning about lots of new to me projects and sleuthing in their federation source code
-
๐๐๐ฎ๐ป๐ฒ๐ฅ๐๐๐ด๐ป๐บ๐ธreplied to Darius Kazemi last edited by
@darius so you're actually reading the source code for every AP impl? How will you know if they change?
-
Darius Kazemireplied to ๐๐๐ฎ๐ป๐ฒ๐ฅ๐๐๐ด๐ป๐บ๐ธ last edited by
@schizanon there's a whole community of researchers that keep track of source code on all sorts of projects. We work together to keep each other informed and this tool is a piece of that process
-
Darius Kazemireplied to ๐๐๐ฎ๐ป๐ฒ๐ฅ๐๐๐ด๐ป๐บ๐ธ last edited by
@schizanon there's a whole community of ActivityPub researchers that keep track of source code on all sorts of projects. We work together to keep each other informed and this tool is a piece of that process
-
@[email protected] Hey just an fyi, I sent an email and it bounced.
We could not deliver the attached mail for the following recipients. [email protected] at remote mailserver smtp.cyber.harvard.edu. (128.103.64.104): SMTPAddressFailedException: 450 4.1.1 <[email protected]>: Recipient address rejected: unverified address: unknown user: "fediverseobservatory" (450)
(this is what my mail provider sent, I am unsure if it's a configuration issue on harvard's side, or if I misspelled the email address) -
@[email protected] Sorry I didn't notice this! I can just copy down the email contents verbatim if that'd be better. Wanted to let you know in case you were wondering why nobody was inquiring
-
@puppygirlhornypost2 you can resend!! we had an early bug with the email address but it's sorted out
-
โจใกใใใฉโจ :sabakan: :mastodont:replied to Darius Kazemi last edited by
@darius First up: I think this is a great idea :neocat_thumbsup:
Something that I wonder, though, is how the service differentiates between fixed strings and variable strings. After all, there's no pattern matching that can be done to identify the string "Emoji" as fixed, but not do the same for a post's contents. Is that done based on frequency, or manual configuration, or maybe something completely different?
-
Darius Kazemireplied to โจใกใใใฉโจ :sabakan: :mastodont: last edited by
@mezzodrinker emoji is taken care of by the fact that I always record the content of a "type" field as-is, because that's a special property. Same with an "@context"
That's kinda all I need really! I just identify the metadata fields rather than trying to parse message content
-
โจใกใใใฉโจ :sabakan: :mastodont:replied to Darius Kazemi last edited by
@darius So at the moment, you manually whitelist specific paths in the JSON document, and those paths will be stored in verbatim? That sounds like it might make maintaining an up-to-date list of such paths a bit of a drag, but I also don't see a better way to do this without storing any non-schema activity contents :neocat_think:
-
Darius Kazemireplied to โจใกใใใฉโจ :sabakan: :mastodont: last edited by
@mezzodrinker yup! Work I'm willing to do